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DETAILED ACTION 
Continued Examination Under 37 CFR 1,114 

1. A request for continued examination under 37 CFR 1.114, including the 
fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since 
this application is eligible for continued examination under 37 CFR 1.114, and the fee 
set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office 
action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
March 30, 2006 has been entered. Claims 1-21 are pending. At this time, claims 1-21 
are rejected. 

Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made, 

3. Claims 1-16, 18, and 20 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Ram et al (US 6,519,700 B1), in view of Vandergeest (US 6,247,127 
B1 ), and further in view of Hall (US 6, 1 38, 1 1 9). 

a. Referring to claim 1: 

i. Ram teaches a digital rights management system for 
controlling the distribution of digital content to player applications (column 4, lines 35-40 
of Ram), the system comprising: 

(1) a verification system (e.g. a rights enforcer) to 
validate the integrity of the player applications, and including a certificate generator for 
generating a certificate after inspecting the player application code and determining that 
a certain required property has been met by said code [i.e., a rights enforcer 524 is 
present to verify the user's identity, to compare a requested action by the user to 
those actions enumerated in the rights and permissions segment 514, and to 
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permit or deny the requested action depending on the specified rights (column 8, 
lines 37-41)]; 

(2) a trusted content handler (e.g. a user system) to 
decrypt content and to transmit the decrypted content to the player applications, using 
an extension mechanism defined by the application, and to enforce usage rights 
associated with the content [i.e., referring to Figure 1, the user 118 is then able to 
use his private key to decrypt the modified content 116 and view the original 
content 112 (column 6, lines 6-14). In addition, Figure 3 looks similar to FIG. 2, in 
that an encrypted document 310 is passed to a decryption step 312 (which uses a 
private key 314) and a rendering application 316, resulting in presentation data 
318 (column 6, lines 3-6)]; and 

(3) a user interface control module (e.g., a rights and 
permission segment) to ensure that the user interaction with the player applications 
does not violate the usage rights by intercepting and filtering messages sent from the 
user to the player application in accordance with a user rights set obtained by the user 
[i.e., a rights enforcer 524 is present to verify the user's identity, to compare a 
requested action by the user to those actions enumerated In the rights and 
permissions segment 514, and to permit or deny the requested action depending 
on the specified rights (column 8, lines 37-41). In addition, the rights and 
permissions segment 514 is cryptographically signed (by methods known in the 
art) to prevent tampering with the specified rights and permissions; it may also 
be encrypted to prevent the user from directly viewing the rights and permissions 
of himself and others (column 8, lines 23-27). Furthermore, Ram teaches a 
counterpart depolarization engine 528 is also included to enable the generation of 
clear presentation data from the polarized content (see Figure 4). The 
depolarization engine includes a set of secure window objects, providing a 
relatively tamper-proof interface to the rendering API (application program 
interface) of the user's system. The secure window objects are resistant to being 
intercepted, thereby reducing the possibility that the document, in its clear form. 
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can be reconstructed by intercepting and receiving the data intended for the 
operating system (column 8, lines 55-64 of Ram)]; 

(4) wherein components of the verification system, the 
trusted content handler, and user interface control module of the digital rights 
management system operate independently from the player application and reside 
locally in an end-user device having said player applications, and are dynamically linked 
to the application at run-time [i.e., the portions of the invention described in Ram's 
system that are described as software components could be implemented as 
hardware. Moreover, while certain functional blocks are described herein as 
separate and independent from each other, these functional blocks can be 
consolidated and performed on a single general-purpose computer, or further 
broken down into sub-functions as recognized in the art. (column 14, lines 5-12)]. 

i. Ram teaches the user's certificate as shown in column 11, 
line 4 and lines 30-31, however Ram does not explicitly mention a certificate generator 
for generating a certificate after inspecting the player application code and determining 
that a certain required property has been met by said code. On the other hand, 
Vandergeest teaches: 

(1) To ensure that the receiving party is using an 
authentic public key of the sending party, it obtains a signature public key certificate 
from the directory or a certification authority. The signature public key certificate 
includes the signature public key of the sending party and the signature of the 
certification authority. After obtaining the certificate, the receiving party first verifies the 
signature of the certification authority using a locally stored trusted public key of the 
certification authority. Once the signature of the certification authority has been verified, 
the receiving party can trust any message that was signed by the certification authority. 
Thus, the signature public key certificate that the receiving party obtained is verified and 
the signature public key of the sending party can be trusted to verify the signature of the 
sending party of the message (column 1, lines 52-67 of Vandergeest). Furthermore, 
referring to Figure 1 , Vandergeest teaches the certification authority 22 performs policy 
control for the communication system, which includes generating encryption and 
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signature public key certificates, establishing cross certificates, etc (column 3, lines 34- 
37 of Vandergeest). 

iii. It would have been obvious to a person having ordinary skill 
in the art at the time the invention was made to: 

(1) include the certificate generator and repository in 
Ram's SPD system for protection during document delivery from a document distributor 
to an intended user over a public network, as well as during document storage on an 
insecure medium (column 2, lines 17-20 of Ram). 

iv. The ordinary skilled person would have been motivated to: 
(1) include the certificate generator and repository in 

Ram's SPD system since certain trusted components can be deployed, one must 
continue to rely upon various unknown and untrusted elements and systems. On such 
systems, even if they are expected to be secure, unanticipated bugs and weaknesses 
are frequently found and exploited (column 2, lines 37-41 of Ram). 

V. Ram further teaches a self-protecting document (SPD) 
contains an encrypted document as well as a secure set of permissions and the 
software necessary to process the document; full decryption of the document is 
performed as late as possible so as to minimize the possibility of intercepting the 
document before it has been fully rendered to screen or to paper (see abstract of Ram). 
The combination of teaching between Ram and Vandergeest teaches a digital rights 
management system for controlling the distribution of digital content to player 
applications. However, they are silent on the capability of linking to the applications 
and/or programs at run-time. On the other hand, Hall teaches: 

(1) Descriptive data structure 200 may supply integrity 
constraints or rules that protect the integrity of corresponding content during use of 
and/or access to the content (column 12, lines 11-14 of Hall). In addition, Hall further 
teaches two different runtime, such as, runtime interpretation: It is possible to interpret a 
descriptive data structure at run time, providing materially increased efficiencies and 
timeliness. Runtime adaptability: Systems can adapt to dynamic data arriving in real 
time through use of descriptive data structures (column 9, lines 39-44 of Hall). 
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vi. It would have been obvious to a person having ordinary skill 
in the art at the time the invention was made to: 

(1) have modified the combined invention of Ram and 
Vandergeest with the teaching of Hall for protection during document delivery from a 
document distributor to an intended user over a public network, as well as during 
document storage on an insecure medium (column 2, lines 17-20 of Ram), 

vii. The ordinary skilled person would have been motivated to: 
(1) have modified the combined invention of Ram and 

Vandergeest with the teaching of Hall since certain trusted components can be 
deployed, one must continue to rely upon various unknown and untrusted elements and 
systems. On such systems, even if they are expected to be secure, unanticipated bugs 
and weaknesses are frequently found and exploited (column 2, lines 37-41 of Ram). 

b. Referring to claim 4: 

i. Ram further teaches: 

(1) wherein the player applications request protected 
content, and the trusted content handler includes an authenticator to verify that a player 
application that requests protected content has been authorized by the verification 
system to access the requested, protected content [i.e., the operation performed 
when a user receives an SPD are depicted in the flow diagram of Figure 7. The 
SPD is first received and stored at the user's system (step 710); in many usage, it 
is not necessary to use the SPD right away. When usage is desired, the user is 
first authenticated as discussed above (column 12, lines 11-32 of Ram)]. 

c. ReferririQ to claim 5: 

i. Ram further teaches: 

(1) wherein a user interface control module traps user 
interface related messages generated as a result of user interactions with player 
applications, blocks messages that lead to usage rights violations, and passes through 
other messages to the player applications [i.e., the generic SPD 610 is received by 
the distributor 114, and is stored for later customization. When a user request 
624 is received by the distributor 114 (either directly or through the clearinghouse 
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122 or other intermediary), the distributor 114 creates a set of user permissions 
(step 626) that is consistent with both the user request 624 and the rights 
specification 614. If there is no such consistent set of permissions, then no 
further action is performed on that user's behalf (other than an optional 
notification message to the user) (column 11, lines 47-56 of Ram)]. 

d. Referrina to claims 6 and 10: 

i. Claim 6 consist a digital rights management method for 
controlling the distribution of digital content to player application to implement claim 1, 
thus they are rejected with the same rationale applied against claim 1 above. 

ii. Claim 10 consist a computer program product readable by 
machine to perform method for controlling the distribution of digital content to player 
application to implement claim 1, thus they are rejected with the same rationale applied 
against claim 1 above. 

e. Referrina to claims 9 and 13: 

i. These claims have limitations that is similar to those of claim 
4, thus they are rejected with the same rationale applied against claim 4 above. 

f. Referring to claim 2: 

i. Ram teaches the claimed subject matter, however Ram 
does not explicitly mention an off line verifier to verify that the player applications have 
certain properties, and to issue trust certificates to verify that the player applications 
have said properties. On the other hand, Vandergeest teaches: 

(1) The secure information includes the certificates of 
end-users, or targeted communication entities. While the off-line end-user may receive 
the certificates for all other end-users of the system, typically, the off-line end-user will 
only request the certificates of end-users of interest, i.e., ones that will be involved in a 
secure communication with the off-line end-user. The secure information may further 
include cross-certificates 38, an authority revocation list 38, and a certificate revocation 
list 40. The off-line end-user verifies the secure information by comparing a time stamp 
of the security information with a validity period, which is based on the frequency at 
which the revocation lists 38 and 40 are updated. Thus if the revocation list 38 and 40 
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are updated daily, the validity period is 24 hours. The off-line end-user may further 
verify the security information by ensuring that a trust party (e.g., a trusted certification 
authority) signed the security information and the trusted party is not identified on the 
authority revocation list. The off-line end-user may still further verify the security 
information by determining that certificate of the at least one targeted communication is 
not on the certificate revocation list. The off-line end-user may even further verify the 
security information by ensuring that appropriate key usage, i.e., encryption keys are 
used for encryption purposes and verification keys are used for verification purposes. 
The off-line end-user may still even further verify the security information by ensuring 
policy compliance regarding the security information and messages based thereon 
(column 4, lines 45-66 of Vandergeest). 

iii. It would have been obvious to a person having ordinary skill 
in the art at the time the invention was made to: 

(1) clearly disclose a certificate generator in Ram for 
providing off-line secure communication (column 2, lines 51-52 of Vandergeest). 

iv. The ordinary skilled person would have been motivated to: 
(1) include the off-line verification to allow end-users to 

go off-line from a security information repository (e.g., a directory, a certification 
authority, or a server), and confidently participate in secure communications. As such, 
an end-user, while off-line, may securely and in a trustworthy manner, read encrypted e- 
mail messages, prepare secure outgoing messages, access encryption protected 
folders, etc (column 3, lines 3-9 of Vandergeest). 
g. Referring to claim 3: 

i. Ram further teaches: 

(1) wherein the verification system further includes a 
verifying launcher for verifying that a particular player application is certified as a trusted 
application before digital content is transmitted to said particular player application [i.e., 
enforcement of rights and verification of conditions associate with rights is 
performed using the SPD (self-protecting-document) technology (column 10, 
lines 2-4). The generic SPD 610 is created by combining the pre-processed 
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content 612, the pre-processed rights specification 614, and the watermark 616. 
A watermark may be added by any means known in the art; it may be either 
visible or concealed within the SPD. The generic SPD 610 may also optionally be 
encrypted by the author/publisher 110 for transmission to the distributor 114 as 
shown in Figure 1 (column 11, lines 39-46 of Ram)]. 

h. Referring to claims 7 and 11: 

i. These claims have limitations that is similar to those of claim 

2, thus they are rejected with the same rationale applied against claim 2 above. 

i. Referring to claims 8 and 12: 

i. These claims have limitations that is similar to those of claim 

3, thus they are rejected with the same rationale applied against claim 3 above. 

j. Referring to claim 14: 

i. This claim consist a code identity and integrity verification 
system to verify code for controlling the distribution of digital content to player 
application to implement claims 1 and 2, thus they are rejected with the same rationale 
applied against claims 1 and 2 above. 

k. Referring to claim 15: 

i. Ram further teaches: 

(1) wherein the code verifier is responsible for launching 
the player application and verifying the identity and integrity of the code using the 
information in the trust certificate before launching the application; the launch procedure 
returning process identification information, which the code verifier records internally; 
the authenticator communicating the same or other process identification information 
concerning its own process, which it obtains from system service calls, to the code 
verifier at the time the application requests: content from the authenticator; the code 
verifier matching this process identification information against the process identification 
information it recorded; the code verifier returning a code indicating whether the process 
was verified or not [i.e., the self-protecting document 510 includes three major 
functional segments: an executable code segment 512 contains certain portions 
of executable code necessary to enable the user to use the encrypted document; 
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a rights and permissions segment 514 contains data structures representative of 
the various levels of access, that are to be permitted to various users; and a 
content segment 516 includes the encrypted content 116 (FIG. 1) sought to be 
viewed by the user (column 7, lines 52-60). A secure viewer 530 is optionally 
included in the executable code segment 512. The secure viewer 530 is used to 
permit only those levels of access that are permitted according to the rights and 
permissions segment 514. For example, if the user purchased only sufficient 
rights to view a document (and not to save or print it), the viewer will not permit 
the user to save, print, or perform the standard cut-and-paste operations possible 
in most modern operating systems (column 9, lines 8-15 of Ram)]. 

1. Referrino to claim 16: 

i. This claim has limitations that is similar to those of claim 15, 
thus it is rejected with the same rationale applied against claim 15 above. 

m. Referring to claims 18 and 20: 

1. These claims have limitations that is similar to those of claim 
14, thus they are rejected with the same rationale applied against claim 14 above. 

4. Claims 17, 19, and 21 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Ram et a! (US 6,519,700 B1), in view of Vandergeest (US 6,247,127 
B1 ), in view of Hall (US 6, 1 38, 1 1 9), and further in view of Peinado (US 6,775,655). 

a. Referring to claim 1 7: 

1. The combination of teachings between Ram, Vandergeest 
and Hall teaches the user's certificate as shown in column 11, line 4 and lines 30-31 of 
Ram; and Vandergeest teaches, as shown in Figure 1, the certification authority 22 
performs policy control for the communication system, which includes generating 
encryption and signature public key certificates, establishing cross certificates, etc 
(column 3, lines 34-37 of Vandergeest). Vandergeest further teaches: 

(1) wherein the trust certificate includes: a program 
identifier identifying said one of the applications; a property name identifying an attribute 
certified by the trust certificate; a code digest of the one application; a digital signature 
containing a secret key of the application certifier; and a certifier identification containing 
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a public key of the application certifier [i.e., the certificates 34 each include a public 
key of a particular end-user in the communication system. Each certificate 34 
also includes a signature of a certification authority. When a user receives the 
certificate, it verifies the signature of the certification authority and once verified, 
can confidently use the public key of the end-user to encrypt and/or verify 
signatures of the end-user identified in the certificate. The cross-certificates 36 
each include the signature key of a certification authority and the signature of a 
trusted certification authority. With a cross-certificate, an end-user may use the 
signature of another certification authority 3 to verify certificates signed by the 
another certification authority. This can only be done If a trusted certification 
authority signs the cross certificate. The authority revocation list 38 indicates 
which certification authorities have lost their status as a certification authority. In 
other words, the authority revocation list 38 Indicates which certification 
authorities' signatures can no longer be trusted. The certificate revocation list 40 
includes a list of end-users whose certificates have been revoked (column 3, lines 
46-65 of Vandergeest)]. 

ii. However, Ram, Vandergeest, and Hall do not explicitly 
mention the identification of the certificate. On the other hand, Peinado teaches: 

(1 ) The public key of the black box 30 of the DRM system 
32 (PU-BB); the version number of the black box 30 of the DRM system 32; a certificate 
with a digital signature from a certifying authority certifying the black box 30 (where the 
certificate may in fact include the aforementioned public key and version number of the 
black box 30); the content ID (or package ID) that identifies the digital content 12 (or 
package 12p); the key ID that identifies the decryption key (KD) for decrypting the digital 
content 12;) (column 18, lines 60-67 through column 19, lines 1-4 of Peinado). 
Furthermore, the certificate with the digital signature from the certifying authority, also 
discussed above in connection with the license acquisition function, is a proffer or 
vouching mechanism from the certifying authority that a license server 24 should trust 
the black box 30. Of course, the license server 24 must trust the certifying authority to 
issue such a certificate for a black box 30 that is in fact trustworthy. It may be the case. 
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in fact, that the license server 24 does not trust a particular certifying authority, and 
refuses to honor any certificate issued by such certifying authority. Trust may not occur, 
for example, if a particular certifying authority is found to be engaging in a pattern of 
improperly issuing certificates (column 22, lines 36-48 of Peinado). 

iii. It would have been obvious to a person having ordinary skill 
in the art at the time the invention was made to: 

(1) include the certificate identification in Ram's SPD 
system for protection during document delivery from a document distributor to an 
intended user over a public network, as well as during document storage on an insecure 
medium (column 2, lines 17-20 of Ram). 

iv. The ordinary skilled person would have been motivated to: 
(1) include the certificate identification in Ram's SPD 

system since certain trusted components can be deployed, one must continue to rely 
upon various unknown and untrusted elements and systems. On such systems, even if 
they are expected to be secure, unanticipated bugs and weaknesses are frequently 
found and exploited (column 2, lines 37-41 of Ram). 

b. Referring to claims 19 and 21: 

i. These claims have limitations that is similar to those of claim 
17, thus they are rejected with the same rationale applied against claim 17 above. 

Conclusion 

5. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Thanhnga (Tanya) Truong whose telephone number 
is 571-272-3858. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Kim Vu can be reached on 571-272-3859. The central fax 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 
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Any inquiry of a general nature or relating to the status of this application 
or proceeding should be directed to the receptionist whose telephone number is 571- 
272-2100. 



TBT 

June 08, 2006 




